summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Boman <mboman@gentoo.org>2003-12-09 15:07:53 +0000
committerMichael Boman <mboman@gentoo.org>2003-12-09 15:07:53 +0000
commit5686156797aa016db80265760ee9cc4677fe51e7 (patch)
tree463297fa2d50f8c611868f30c545f61adb1ce19a /net-analyzer
parentAdded missing prelude config file. Added patch to correct snort's drop packet... (diff)
downloadhistorical-5686156797aa016db80265760ee9cc4677fe51e7.tar.gz
historical-5686156797aa016db80265760ee9cc4677fe51e7.tar.bz2
historical-5686156797aa016db80265760ee9cc4677fe51e7.zip
Added missing prelude config file. Added patch to correct snort's drop packet calculations.
Diffstat (limited to 'net-analyzer')
-rw-r--r--net-analyzer/snort/Manifest4
-rw-r--r--net-analyzer/snort/files/digest-snort-2.0.5-r22
-rw-r--r--net-analyzer/snort/files/snort-drop-calculation.diff87
-rw-r--r--net-analyzer/snort/snort-2.0.5-r2.ebuild108
4 files changed, 199 insertions, 2 deletions
diff --git a/net-analyzer/snort/Manifest b/net-analyzer/snort/Manifest
index a508dbd09cc4..f1859775a051 100644
--- a/net-analyzer/snort/Manifest
+++ b/net-analyzer/snort/Manifest
@@ -1,6 +1,6 @@
-MD5 a885df07d7d5c0fe3ac0bb6c4053904d ChangeLog 5515
+MD5 71eef3021a6fa205c114fd2b791fcf48 ChangeLog 5634
MD5 9c6b611339af7149d67f677a96d398db metadata.xml 930
-MD5 70bb07c78cda0a39fceeb1297ad34777 snort-2.0.5-r2.ebuild 3140
+MD5 850594c9049008dfc8e0123a0686224c snort-2.0.5-r2.ebuild 3140
MD5 6b8e74b31bd8b33a1abf5099637de1f1 snort-1.9.1-r3.ebuild 2280
MD5 195e5df4b9093a07bfb509cb9f7ecd0a snort-2.0.0.ebuild 2977
MD5 0c4f28771a4096a1dc044f13ea500bff snort-2.0.1-r1.ebuild 2734
diff --git a/net-analyzer/snort/files/digest-snort-2.0.5-r2 b/net-analyzer/snort/files/digest-snort-2.0.5-r2
new file mode 100644
index 000000000000..4351b0787e07
--- /dev/null
+++ b/net-analyzer/snort/files/digest-snort-2.0.5-r2
@@ -0,0 +1,2 @@
+MD5 f129ee00a3d6e7b7c1ff4a1e1fba3a08 snort-2.0.5.tar.gz 1951308
+MD5 7fd78d7bb755227c5acec7bfecdb94f7 snort-prelude-reporting-patch-0.2.5.tar.gz 39277
diff --git a/net-analyzer/snort/files/snort-drop-calculation.diff b/net-analyzer/snort/files/snort-drop-calculation.diff
new file mode 100644
index 000000000000..f246155611dd
--- /dev/null
+++ b/net-analyzer/snort/files/snort-drop-calculation.diff
@@ -0,0 +1,87 @@
+--- src/util.orig 2003-10-01 16:17:50.000000000 +0200
++++ src/util.c 2003-10-01 16:20:27.000000000 +0200
+@@ -916,13 +916,13 @@
+ LogMessage("\n\n===================================="
+ "===========================================\n");
+ LogMessage("Snort analyzed %d out of %d packets, ",
+- ps.ps_recv, ps.ps_recv+ps.ps_drop);
++ ps.ps_recv - ps.ps_drop, ps.ps_recv);
+
+ if(ps.ps_recv)
+ {
+ LogMessage("dropping %d(%.3f%%) packets\n\n",
+ ps.ps_drop,
+- CalcPct( (float) ps.ps_drop, (float) (ps.ps_recv+ps.ps_drop) ));
++ CalcPct( (float) ps.ps_drop, (float) ps.ps_recv ));
+ }
+ else
+ {
+@@ -931,44 +931,44 @@
+
+ LogMessage("Breakdown by protocol: Action Stats:\n");
+ LogMessage(" TCP: %-10ld (%.3f%%)%-*sALERTS: %-10ld\n",
+- pc.tcp, CalcPct((float) pc.tcp, recv + drop),
++ pc.tcp, CalcPct((float) pc.tcp, recv),
+ CalcPct((float)pc.tcp,recv + drop)<10?10:9 , " ", pc.alert_pkts);
+ LogMessage(" UDP: %-10ld (%.3f%%)%-*sLOGGED: %-10ld\n",
+- pc.udp, CalcPct((float) pc.udp, recv + drop),
++ pc.udp, CalcPct((float) pc.udp, recv),
+ CalcPct((float)pc.udp,recv + drop)<10?10:9, " ", pc.log_pkts);
+ LogMessage(" ICMP: %-10ld (%.3f%%)%-*sPASSED: %-10ld\n",
+- pc.icmp, CalcPct((float) pc.icmp, recv + drop),
++ pc.icmp, CalcPct((float) pc.icmp, recv),
+ CalcPct((float)pc.icmp,recv + drop)<10?10:9, " ", pc.pass_pkts);
+ LogMessage(" ARP: %-10ld (%.3f%%)\n",
+- pc.arp, CalcPct((float) pc.arp, recv + drop));
++ pc.arp, CalcPct((float) pc.arp, recv));
+ LogMessage(" EAPOL: %-10ld (%.3f%%)\n",
+- pc.eapol, CalcPct((float) pc.eapol, recv + drop));
++ pc.eapol, CalcPct((float) pc.eapol, recv));
+ LogMessage(" IPv6: %-10ld (%.3f%%)\n",
+- pc.ipv6, CalcPct((float) pc.ipv6, recv + drop));
++ pc.ipv6, CalcPct((float) pc.ipv6, recv));
+ LogMessage(" IPX: %-10ld (%.3f%%)\n",
+- pc.ipx, CalcPct((float) pc.ipx, recv + drop));
++ pc.ipx, CalcPct((float) pc.ipx, recv));
+ LogMessage(" OTHER: %-10ld (%.3f%%)\n",
+- pc.other, CalcPct((float) pc.other, recv + drop));
++ pc.other, CalcPct((float) pc.other, recv));
+ LogMessage("DISCARD: %-10ld (%.3f%%)\n",
+- pc.discards, CalcPct((float) pc.discards, recv + drop));
++ pc.discards, CalcPct((float) pc.discards, recv));
+ LogMessage("================================================"
+ "===============================\n");
+ LogMessage("Wireless Stats:\n");
+ LogMessage("Breakdown by type:\n");
+ LogMessage(" Management Packets: %-10ld (%.3f%%)\n",
+ pc.wifi_mgmt, CalcPct((float) pc.wifi_mgmt
+- , recv + drop));
++ , recv));
+ LogMessage(" Control Packets: %-10ld (%.3f%%)\n",
+ pc.wifi_control, CalcPct((float) pc.wifi_control
+- , recv + drop));
++ , recv));
+ LogMessage(" Data Packets: %-10ld (%.3f%%)\n",
+ pc.wifi_data, CalcPct((float) pc.wifi_data
+- , recv + drop));
++ , recv));
+ LogMessage("================================================"
+ "===============================\n");
+ LogMessage("Fragmentation Stats:\n");
+ LogMessage("Fragmented IP Packets: %-10ld (%.3f%%)\n",
+- pc.frags, CalcPct((float) pc.frags, recv + drop));
++ pc.frags, CalcPct((float) pc.frags, recv));
+ LogMessage(" Fragment Trackers: %-10ld\n",
+ pc.frag_trackers);
+ LogMessage(" Rebuilt IP Packets: %-10ld\n",
+@@ -987,7 +987,7 @@
+ LogMessage("TCP Stream Reassembly Stats:\n");
+ LogMessage(" TCP Packets Used: %-10ld (%-3.3f%%)\n",
+ pc.tcp_stream_pkts,
+- CalcPct((float) pc.tcp_stream_pkts, recv + drop));
++ CalcPct((float) pc.tcp_stream_pkts, recv));
+ LogMessage(" Stream Trackers: %-10ld\n", pc.tcp_streams);
+ LogMessage(" Stream flushes: %-10ld\n", pc.rebuilt_tcp);
+ LogMessage(" Segments used: %-10ld\n", pc.rebuilt_segs);
+
+
diff --git a/net-analyzer/snort/snort-2.0.5-r2.ebuild b/net-analyzer/snort/snort-2.0.5-r2.ebuild
new file mode 100644
index 000000000000..ae66d76fe735
--- /dev/null
+++ b/net-analyzer/snort/snort-2.0.5-r2.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.0.5-r2.ebuild,v 1.1 2003/12/09 15:07:38 mboman Exp $
+
+inherit eutils
+
+DESCRIPTION="Libpcap-based packet sniffer/logger/lightweight IDS"
+HOMEPAGE="http://www.snort.org/"
+SRC_URI="http://www.snort.org/dl/${P}.tar.gz
+ prelude? ( http://www.prelude-ids.org/download/releases/snort-prelude-reporting-patch-0.2.5.tar.gz )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~sparc -alpha"
+IUSE="ssl postgres mysql prelude flexresp samba"
+# snort 2.0.x does not support snmp yet Bug #26310
+# IUSE="${IUSE} snmp"
+
+DEPEND="virtual/glibc
+ >=net-libs/libpcap-0.6.2-r1
+ flexresp? ( <net-libs/libnet-1.1
+ >=net-libs/libnet-1.0.2a-r3 )
+ postgres? ( >=dev-db/postgresql-7.2 )
+ mysql? ( >=dev-db/mysql-3.23.26 )
+ ssl? ( >=dev-libs/openssl-0.9.6b )
+ prelude? ( >=dev-libs/libprelude-0.8 )"
+# snmp? ( >=net-analyzer/net-snmp-5.0 )
+RDEPEND="virtual/glibc
+ dev-lang/perl
+ >=net-libs/libpcap-0.6.2-r1
+ postgres? ( >=dev-db/postgresql-7.2 )
+ mysql? ( >=dev-db/mysql-3.23.26 )
+ ssl? ( >=dev-libs/openssl-0.9.6b )
+ samba? ( net-fs/samba )
+ prelude? ( >=dev-libs/libprelude-0.8 )"
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}
+ #is this needed in 2.0? -Method
+ #epatch ${FILESDIR}/${P}-configure.patch
+ use flexresp && epatch ${FILESDIR}/${PV}-libnet-1.0.patch
+
+ epatch ${FILESDIR}/${P}-gcc3.patch
+
+ epatch ${FILESDIR}/snort-drop-calculation.diff
+
+ sed "s:var RULE_PATH ../rules:var RULE_PATH /etc/snort:" < etc/snort.conf > etc/snort.conf.distrib
+
+ use prelude && (
+ epatch ../${P/.5/.2}-prelude.diff
+ sh ./autogen.sh
+ )
+}
+
+src_compile() {
+ local myconf
+ use flexresp && myconf="$myconf --enable-flexresp" # There is no --diable-flexresp, can't use use_enable
+ use samba && myconf="$myconf --enable-smbalerts" # There is no --diable-smbalerts, can't use use_enable
+
+# `use_with snmp` \
+# --enable-pthreads \ # Not supported, never was, and now also removed
+
+ econf \
+ `use_with postgres postgresql` \
+ `use_with mysql` \
+ `use_with ssl openssl` \
+ `use_with prelude` \
+ --without-odbc \
+ --without-oracle \
+ $myconf || die "bad ./configure"
+
+ emake || die "compile problem"
+}
+
+src_install() {
+ make DESTDIR=${D} install || die
+
+ dodir /var/log/snort
+ keepdir /var/log/snort/
+
+ insinto /usr/lib/snort/bin
+ doins contrib/{create_mysql,snortlog,*.pl}
+
+ dodoc COPYING LICENSE doc/*
+ docinto contrib ; dodoc contrib/*
+
+ insinto /etc/snort
+ doins etc/reference.config etc/classification.config rules/*.rules etc/*.map
+ use prelude && doins etc/prelude-classification.config
+ doins etc/snort.conf.distrib
+
+ exeinto /etc/init.d ; newexe ${FILESDIR}/snort.rc6 snort
+ insinto /etc/conf.d ; newins ${FILESDIR}/snort.confd snort
+}
+
+pkg_postinst() {
+ enewgroup snort
+ enewuser snort -1 /dev/null /var/log/snort snort
+ usermod -d "/var/log/snort" snort || die "usermod problem"
+ usermod -g "snort" snort || die "usermod problem"
+ usermod -s "/dev/null" snort || die "usermod problem"
+ echo "ignore any message about CREATE_HOME above..."
+
+ chown snort:snort /var/log/snort
+ chmod 0770 /var/log/snort
+}